hook.iat

Postby PaulTECH » Fri Oct 17, 2014 2:16 pm

Using D7 -> ran Roguekiller and in the Rootkits tab I have the below. The author says this is because it is unknown. How do I verify and clear out the real rootkit without deleting a legitimate Windows file? thanks for the help!

"¤¤¤ Antirootkit : 102 (Driver: Not loaded [0xc000035f]) ¤¤¤
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd3f30c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd3f4034
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff3c0680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff3d2a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff3c3e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3e2e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff3d7490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff3dea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff3b9370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff3b8284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff3bd9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff3def20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff3df1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff3c9980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3ebf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff4d9440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff3d8e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff3d8e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff3d3560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff3d1314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a14e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\VERSION.dll @ 0x7fefc0a1b94
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\VERSION.dll @ 0x7fefc0a15e0
[IAT:Addr] (iexplore.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc0a15e0
[IAT:Addr] (iexplore.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc0a193c
[IAT:Addr] (iexplore.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc0a14e8
[IAT:Addr] (iexplore.exe @ IEFRAME.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc0a193c
[IAT:Addr] (iexplore.exe @ IEFRAME.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc0a14e8
[IAT:Addr] (iexplore.exe @ IEFRAME.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc0a15e0
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\system32\ole32.dll @ 0x7feff3c0680
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\system32\ole32.dll @ 0x7feff3d2a30
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\system32\ole32.dll @ 0x7feff3c3e90
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\system32\ole32.dll @ 0x7feff3e2e18
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\system32\ole32.dll @ 0x7feff3d7490
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff3dea20
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\system32\ole32.dll @ 0x7feff3b9370
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\system32\ole32.dll @ 0x7feff3b8284
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\system32\ole32.dll @ 0x7feff3bd9d0
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\system32\ole32.dll @ 0x7feff3def20
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\system32\ole32.dll @ 0x7feff3df1ac
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\system32\ole32.dll @ 0x7feff3c9980
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\system32\ole32.dll @ 0x7feff3ebf00
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\system32\ole32.dll @ 0x7feff4d9440
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\system32\ole32.dll @ 0x7feff3d8e70
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\system32\ole32.dll @ 0x7feff3d8e20
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\system32\ole32.dll @ 0x7feff3d3560
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\system32\ole32.dll @ 0x7feff3d1314
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc0a193c
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc0a15e0
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc0a14e8
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc0a14e8
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc0a193c
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\version.DLL @ 0x7fefc0a1b94
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc0a15e0
[IAT:Addr] (iexplore.exe @ CLBCatQ.DLL) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\system32\version.DLL @ 0x7fefc0a14e8
[IAT:Addr] (iexplore.exe @ CLBCatQ.DLL) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\system32\version.DLL @ 0x7fefc0a193c
[IAT:Addr] (iexplore.exe @ CLBCatQ.DLL) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\system32\version.DLL @ 0x7fefc0a1b94
[IAT:Addr] (iexplore.exe @ CLBCatQ.DLL) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\system32\version.DLL @ 0x7fefc0a15e0
[IAT:Addr] (iexplore.exe @ IEFRAME.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\SysWOW64\version.DLL @ 0x73c51b51
[IAT:Addr] (iexplore.exe @ IEFRAME.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\SysWOW64\version.DLL @ 0x73c518e9
[IAT:Addr] (iexplore.exe @ IEFRAME.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\SysWOW64\version.DLL @ 0x73c51a15
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\SysWOW64\version.DLL @ 0x73c51b51
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\SysWOW64\version.DLL @ 0x73c51a15
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\SysWOW64\version.DLL @ 0x73c518e9
[IAT:Addr] (iexplore.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\Windows\SysWOW64\version.DLL @ 0x73c51b72
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\Windows\syswow64\ole32.dll @ 0x7534e599
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\Windows\syswow64\ole32.dll @ 0x753709ad
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\Windows\syswow64\ole32.dll @ 0x7535a72f
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Windows\syswow64\ole32.dll @ 0x753654ad
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\Windows\syswow64\ole32.dll @ 0x75379d0b
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\Windows\syswow64\ole32.dll @ 0x7535f150
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\Windows\syswow64\ole32.dll @ 0x7534eb17
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\Windows\syswow64\ole32.dll @ 0x753c0cc2
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\Windows\syswow64\ole32.dll @ 0x753715d5
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\Windows\syswow64\ole32.dll @ 0x7535f1eb
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\Windows\syswow64\ole32.dll @ 0x7535ef03
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\Windows\syswow64\ole32.dll @ 0x75342d6d
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\Windows\syswow64\ole32.dll @ 0x75345ea5
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\Windows\syswow64\ole32.dll @ 0x753722ec
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\Windows\syswow64\ole32.dll @ 0x7537ea4c
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\Windows\syswow64\ole32.dll @ 0x75386f41
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\Windows\syswow64\ole32.dll @ 0x7535503c
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\Windows\syswow64\ole32.dll @ 0x753786d3
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\SysWOW64\version.DLL @ 0x73c51a15
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\SysWOW64\version.DLL @ 0x73c51b51
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\SysWOW64\version.DLL @ 0x73c518e9
[IAT:Addr] (iexplore.exe @ MSHTML.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\SysWOW64\version.DLL @ 0x73c51a15
[IAT:Addr] (iexplore.exe @ MSHTML.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\SysWOW64\version.DLL @ 0x73c51b51
[IAT:Addr] (iexplore.exe @ MSHTML.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\SysWOW64\version.DLL @ 0x73c518e9
[IAT:Addr] (iexplore.exe @ jscript9.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\Windows\SysWOW64\version.DLL @ 0x73c51b51
[IAT:Addr] (iexplore.exe @ jscript9.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\Windows\SysWOW64\version.DLL @ 0x73c51a15
[IAT:Addr] (iexplore.exe @ jscript9.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\Windows\SysWOW64\version.DLL @ 0x73c518e9
"
PaulTECH
 
Posts: 37
Joined: Mon Feb 18, 2013 11:57 am

Re: hook.iat

Postby PaulTECH » Sat Oct 18, 2014 2:47 am

One suggestion was to run MBAR. Any suggestion specific to D7? Any help is greatly appreciated.
PaulTECH
 
Posts: 37
Joined: Mon Feb 18, 2013 11:57 am

Re: hook.iat

Postby Dannim » Sat Oct 18, 2014 9:54 am

From a quick once-over I don't see anything out of the ordinary there. Were they all in orange in Roguekiller? If so, it just means they're unknown or unidentified at this time.
Dannim
 
Posts: 61
Joined: Mon Feb 11, 2013 10:50 am
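One way to triage the RogueKiller entries quoted above, as an added example that is neither the forum's nor RogueKiller's own code: it parses the [IAT:Addr] line format and marks an entry as an expected forwarder when an API-set stub (api-ms-win-downlevel-*) or SETUPAPI resolves into the system DLL that really implements the export, which is what every line in this log shows. The allowlist and the one sample line that resolves outside the system directories are constructed assumptions.

```python
import re
# RogueKiller "Antirootkit" IAT line, as quoted in the thread:
#   [IAT:Addr] (process @ module) import_dll - Function : resolved_path @ 0xaddr
IAT_RE = re.compile(
    r"^\[IAT:Addr\] \((?P<process>\S+) @ (?P<module>[^)]+)\) (?P<import_dll>\S+) - "
    r"(?P<func>\S+) : (?P<target>.+?) @ (?P<addr>0x[0-9a-fA-F]+)$"
)

# Normal forwarding on Windows 7: an API-set stub or SETUPAPI resolves to the DLL that
# really implements the export. Allowlist constructed from this thread's entries (assumption).
EXPECTED_FORWARDS = {
    "api-ms-win-downlevel-version-l1-1-0.dll": {"version.dll"},
    "api-ms-win-downlevel-ole32-l1-1-0.dll": {"ole32.dll"},
    "setupapi.dll": {"cfgmgr32.dll"},
}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def parse_line(line):
    """Return the fields of one [IAT:Addr] line as a dict, or None if it is not one."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["addr"] = int(entry["addr"], 16)
    return entry

def classify(entry):
    """'expected-forward' when the resolved module is a system DLL that the imported
    DLL legitimately forwards to (or is that DLL itself); anything else is 'review'."""
    target = entry["target"].lower()
    target_name = target.rsplit("\\", 1)[-1]
    import_dll = entry["import_dll"].lower()
    legit = target_name == import_dll or target_name in EXPECTED_FORWARDS.get(import_dll, ())
    return "expected-forward" if target.startswith(SYSTEM_DIRS) and legit else "review"

def triage(log_text):
    """Map (process, module, function) -> verdict for every IAT line in a RogueKiller log."""
    verdicts = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            verdicts[(entry["process"], entry["module"], entry["func"])] = classify(entry)
    return verdicts

# Two lines copied from the thread plus one CONSTRUCTED line resolving outside system32.
SAMPLE_LOG = """
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\\Windows\\system32\\CFGMGR32.dll @ 0x7fefd3f30c0
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\\Windows\\syswow64\\ole32.dll @ 0x75379d0b
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\\Users\\Public\\constructed.dll @ 0x10001000
"""
```

A system32 path is only a filter, not proof: for anything that stays in "review", compare the resolved module against a known-clean copy of the same Windows build and check its Authenticode signature before deleting anything.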

Re: hook.iat

Postby PaulTECH » Sat Oct 18, 2014 4:35 pm

Yes, I think they are "unknown." Thanks for the feedback.

I ran a permissions reset from D7 and then ran delete temp. internet files and it appears to hang. Could be I'm not patient enough and there is a huge IE temp file. The other issue is in the MalwareScan utility: when I check run keys it never populates?
PaulTECH
 
Posts: 37
Joined: Mon Feb 18, 2013 11:57 am

Re: hook.iat

Postby PaulTECH » Wed Oct 22, 2014 1:13 pm

Here is the infection I'm dealing with: http://www.bleepingcomputer.com/virus-r ... ransomware

The "Documents and Settings" and another folder in the c:/ root has a lock symbol and opening gives an "Access Denied". I ran the D7 "Permissions reset" and the D7 "Take Control" but nothing happened and the lock remains. This is a remote session so I don't have the computer to do an off-line repair.

On this machine and another one I was working on yesterday when I'm in the D7 Malware Scan and click the "Run Keys" it never populates, says Scanning and eventually "Not Responding". However, Sysinternals Autoruns works.

Any help is appreciated! Thanks.
PaulTECH
 
Posts: 37
Joined: Mon Feb 18, 2013 11:57 am